Common Data Security Architecture (CDSA) White Paper
Certificate Library Services (CL) API
Revokes the input certificate by adding a record of the certificate to the CRL. The CRL entry consists of OID/values provided by the application. The new record is signed using the revoker’s certificate and the updated CRL is returned to the calling application. The CL defines which fields must or cannot be set using this function. This operation is valid only if the CRL has not been signed. Once the CRL has been signed, entries can not be added or removed.
CL_CrlRemoveCert ( )
Reinstates the input certificate by removing the record representing the certificate from the CRL, then returning updated CRL to the calling application. This operation is valid only if the CRL has not been signed. Once the CRL has been signed, entries can not be added or removed.
CL_CrlSign ( )
Creates a digital signature for the entire CRL using the signer’s certificate. The cryptographic context handle indicates the algorithm and parameters to be used for signing.
CL_CrlVerify ( )
Verifies the signer certificate’s signature on the subject CRL. The cryptographic context handle indicates the algorithm and parameters to be used for verification.
CL_IsCertInCrl ( )
Searches the CRL for a record corresponding to the input certificate.
CL_CrlGetFirstFieldValue ( )
Returns the first field in the CRL that matches the input OID. If an application requests a
CL_CrlGetNextFieldValue ( )
Returns the next field associated with the input results handle, which had been obtained by calling CSSM_CL_CrlGetFirstFieldValue.
CL_CrlAbortQuery ( )
Releases a handle assigned by the CL_CrlGetFirstFieldValue function to identify the results of a CRL query, thus allowing the CL to release all intermediate state information associated with the query operation.
CL_CrlDescribeFormat ( )
Returns a list of the types of fields in the CRL format supported by the CL module.
40 | Chapter 1 |